Here are the resource files from Jun Heider and I presentation on using Flash for P2P applications in the enterprise, at 360 Flex DC.
Securing streaming audio and video content for delivery via the Flash player is a critical concern as the demand and consumption of audio and video over the Internet grows at an exponential rate. This document provides a very brief overview for some of the protection options available with the Flash platform.
Delivering content via a Flash Media Server or from a Flash Video Streaming Service such as a CDN (Akamai/Limelight/etc.) often offers the best performance, security, and capabilities. The following is a list of basic security options for delivering content via a Flash based streaming server infrastructure:
- SWF Verification
- Description: Verifies client SWF attempting to connect to the streaming server against server stored reference file/s. Does this using a bytecode verification system. If user is not using an allowed SWF then it simply blocks the connection before the stream can start. Can work for web based or AIR desktop clients.
- Requirements: A streaming server or service with FMS 3.0+ or greater base.
- Benefits: Provides fairly decent level of security by verifying the accessing SWF is the one you define at the server. Simple to use, and low to none performance implication.
- Drawbacks: Can be a major hindrance during development, or during new releases as propagation time and validation type can very when its not a private environment.Is not a true content protection measure but an excellent additional line of defence.
- RTMPE (Encrypted Protocol)
- Description:RTMPE is an enhancement to the RTMP protocol developed by Adobe/Macromedia, that adds a strong connection based encryption without as much overhead as a SSL based RTMPS connection – in general bearing much of the same security without as much performance and capacity loss. There are some known vulnerabilities with RTMPE, though still many of the major providers (including hulu.com) use it as a primary line of defense. When choosing RTMPE for content protection it is very important to disable the non-encrypted protocols such as RTMP and RTMPT.
- Requirements: A streaming server or service with FMS 3.0+ or greater base.
- Benefits:Ease of implementation, reasonable capacity implications, and widespread accepted use.
- Drawbacks:Some known vulnerabilities, has about a 15-20% per server capacity overhead when compared to un-encrypted RTMP.
- RTMPS (SSL Encrypted Protocol)
- Description: Is a standard SSL encryption that requires fetching of a SSL Certificate. This is not recommended for normal use cases due to performance implications and RTMPE is generally more advised.
- Requirements: SSL certificate and RTMPS enabled on the server
- Benefits:Standard securitty
- Drawbacks: Performance and capacity implications
- Token Authentication
- Description: Offered by most CDN’s. Provides standard session based user authenticated token assignment and verification at the connection level with the server and the client. This offers a great user or session based security enhancements to connections. Is often used with RTMPE and SWF Verification for a good set of defense.
- Requirements: Either custom development or implementation of an existing service from a provider such as a CDN. CDN’s often will provide API for integration and or OSMF components.
- Benefits: Allows for service based authentication system for added security. Industry standard strength and implementation – thus widely available.
- Drawbacks: Will usually have an additional cost from the CDN. Can take more work to implement, pending on the features and use.
- Domain Based Client Access List
- Description:This is a server side white/black list of domain hosts that will be allowed to connect to the server instance or application. This is valuable for a simple line of defense if the client application will only be hosted at a finite number of locations. Can be configured to have separate lists for HTTP hosts and SWF file hosts.
- Requirements: Server side configuration and a predefined list of accepted or rejected domains
- Benefits: Can be simple an effective in a limited stance
- Drawbacks: May not be supported by all or any top level CDN’s. Can be easily spoofed.
- Server-Side User Authentication
- Description: Server side user credential authentication. The general idea is the users credentials are sent to the server instance and the server performs whatever authentication (usually HTTP based authentication to application tier and a DB). If the user is accepted and granted permission to the content they are trying to access the connection and or the stream is allowed.
- Requirements: Server Side Action Script (SSAS). Generally not supported at all by CDN’s other than full FMS CDN’s – though fully supported by Flash Media Interactive Server. (Influxis does support this from a CDN perspective)
- Benefits: Offers the most configurable and granular control with user based credentials and authentication.
- Drawbacks: Not available on most CDN’s and may require complex SSAS.
- DRM: Flash Access 2.0
- Description: Enterprise level digital rights management protection. This is the good stuff – but it comes at a price. It offers full industry standard and accepted top level encryption of content and a standard lease management and rules system. Key thing to note if purchasing is this is a SDK – not an out of box solution. It is a Java based platform, and requires custom development to implement.The SDK offers the framework for everything from content preparation to user authentication and lease management. Providers are also emerging to offer Flash Access 2.0 as a service (ezdrm.com) to avoid infrastructure and cost barriers
- Requirements: Flash Player 10.1+ for streaming content or Adobe Air 2.0+ for streaming or offline.
- Benefits: Accepted solution by the top media studios. Top level protection and management. Period.
- Drawbacks: Cost and implementation if custom can take some time and lots of energy.
Check out this post:
Just think of the possibilities
So I am siked to presenting at 360|Flex DC coming up later this year. RealEyes is owning the first day app track with 3 back to back sessions. Check out the schedule here: http://360flex.com/downloads/schedule.pdf and go register for the event here: http://www.360flex.com/register/.
360|Flex conferences are hands down one of the best conferences for Adobe Flash/Flex application development. You can not go wrong attending this conference. More info to come soon.
Last week Jun and I gave a presentation on peer-assisted networking in Flash Player 10, 10.1 and AIR 2. This presentation was based on the presentation we gave at 360|Flex earlier this year with some updated slides and some new demos.
So, to start you can check out the resource page for the original presentation we gave. There you will find the slides and the first round of demos: http://www.iheartair.com/?page_id=609
In addition to that, we now have an updated slide deck: http://www.iheartair.com/samples/conferences/rtmfp_edu/P2P_RTMFP_Welcome_edu.pdf
We also have two new demos:
New Demo 1 – Broadcasting Audio/Video using IP Multicast on a LAN
The first new demo took the existing Multiuser Video demo and enabled it for IP Multicast communication on a LAN without the need for Adobe Stratus: http://www.iheartair.com/samples/conferences/rtmfp_edu/RTMFP_IPMulticastDemo_Flash.fxp
New Demo 2 – eLearning POC
The second demo requires two application and represents some bare-bones concepts to allow one to build eLearning applications with real-time feedback and no need for servers other than Adobe Stratus:
The client is a Flash Player based application and uses OSMF to play some media. It plays a movie for 20 seconds, then swaps it out for a SWF that asks the user what the movie title was. If they type in ‘elephants dream’ then two things will happen. First, the OSMF media player will allow the user to continue watching the movie. Second, the application will use P2P to send real-time student feedback to the manager application. (Peer ID + “Test Passed”) Here’s the source: http://www.iheartair.com/samples/conferences/rtmfp_edu/RTMFP_InteractiveOSMFDemo.zip
The manager application is an AIR 2 application. It’s very basic and when you run it it will just show a blank screen. However, if you leave it running and test the client application, you will start receiving feedback in this application whenever someone successfully types in ‘elephants dream’. You can find the source here: http://www.iheartair.com/samples/conferences/rtmfp_edu/RTMFP_InteractiveOSMFManagerDemo.fxp
As always, these are presentation demos. They should not be construed as production code…or even super clean code. For the most part they were done in a hurry around ‘real’ work. They will however illustrate the core concepts that you will need to build your peer-assisted Flash Player applications.
Feel free to ping me if you have any questions, and enjoy!
Here are the resources for my OSMF Deep dive-ish presentation at 360|Flex San Jose:
Flash Builder Archive: http://david.realeyes.com/wp-content/uploads/360Flex_OSMF_DeepDive.zip
Check it out!
Jun Heider and I got a new article up on Adobe Devnet about the awesomeness that is Stratus 2.0, RTMFP, and the power of ‘groups’.
Here is the article:
And here is the first couple of paragraphs:
dobe Flash Player 10.1, Adobe Stratus 2, and Real-Time Media Flow Protocol (RTMFP) are setting a firm foundation for peer-to-peer (P2P) with peer-assisted networking. Using the capabilities of groups and the new features around them, you can make deployments of nearly any scale and take advantage of multiuser interactive applications for data and media. Everything from application-level video multicasting to swarming file delivery and multiuser games are within easy reach of developers, without the heavy burden being laid upon a server infrastructure.
This is the first in a series of articles that focus on P2P capabilities of the Adobe Flash Platform, Adobe Stratus, and RTMFP. Future articles will dive deeper and provide a hands-on approach to utilizing the new groups and peer-assisted network topologies to make corporate enterprise, social media, and entertainment applications.
We got the new RealEyes OSMF Player Sample project up, with an intro document and all!
This is a slick project we are working on and just the beginning. Below is a excerpt and the link to the Google Code Page.
The Realeyes OSMF Player Sample (REOPS) offers an excellent base for creating a robust video player utilizing the Open Source Media Framework (OSMF) from Adobe. REOPS is meant to be a building block for developers as well as a visual representation to illustrate the capabilities and how to of the OSMF framework.
The REOPS project includes a very extensible and robust control bar skinning solution and templates to help customize the control bar, as well as Full-screen support, Closed Captioning from an external file, and OSMF dynamic plugin support. The REOPS project can be used to deploy easily customized video players that support progressive video playback, video on demand streaming, live streaming and dynamic streaming. What is more, all of these features are configurable from an external XML file.
Check out the Intro Document directly here:
The amazing UI master Juan Sanchez recently did a post about the skinning process he underwent with us working together on a new Open Source Media Framework (OSMF) Sample Player we have been developing here at RealEyes for Adobe and the community. All I will say is its going to be awesome!
Check out Juan’s article here: